Community discussions

MikroTik App
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Confused by passthrough

Tue Aug 16, 2022 7:05 am

I am confused by the 'passthrouth'.
If I write a match->mark->!passthrough rule in a custom chain in prerouting chain. There are two prossible results. One is: !passthrouth= mark+accept,mark and finish processing in prerouting. The other is: !passthrough=mark+return,mark and return to prerouting chain. Which one is correct?
Thanks for help!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Confused by passthrough

Tue Aug 16, 2022 1:03 pm

Two things in a rule. a. the matching condition and b. the action.
Start there and explain in english what you want to accomplish without stating the configuration at all.
What do you want users to be able to do and NOT be able to do.....
Rules will naturally fall out of well stated requirements.
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Re: Confused by passthrough

Thu Aug 18, 2022 6:34 am

I wrote test rules and got answer.If a rule is to match some condition then take mark action, the '!passthrough' option equals 'accept'.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Confused by passthrough

Thu Aug 18, 2022 4:34 pm

The way I understand it, is that its a way to (within a set of mangle rules) tell the router to not remove the packet from the chain but to keep processing it through the next rule in the chain even though you may have matched a condition.
In other words instead of a rule matching and being accepted the packet does NOT exit the chain but continues to the next rules in the chain........... and so forth.
If you want the packet not to continue in the chain then use passthrough=no, the next time the packet is matched (on a subsequent rule) it exits the chain.

Thus a packet may match on the first rule in a mangle chain but you put in passthrough=yes, because rule 10 in the chain needs also to look at that packet. etc...
and on rule 10 you put passthrough=no because there is no need for the packet to be processes through rules 11-20 (20 being the last rule in the chain).

Who is online

Users browsing this forum: tinodj and 93 guests